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FINAL ACTION 

1 . This action is in response to amendment filed 1 2/1 6/2008. 

2. Claims 1-14 (canceled). Claims 15-30 are new. Claims 15-30 are pending. 



Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

3. Claim 28 is rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. Applicant's recital of a "server arranged for" 
is considered non-statutory subject matter on the basis it recites no link to a specific 
hardware component and the fact that well known in the art that "a server" is simply 
software code. Applicant is advised to amend claim 28 to incorporate a reciting linking 
the server to a specific hardware element (e.g. "server code operating on a computer, 
arranged to") or some form thereof. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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This application currently names joint inventors. In considering patentability of 
the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of 
the various claims was commonly owned at the time any inventions covered therein 
were made absent any evidence to the contrary. Applicant is advised of the obligation 
under 37 CFR 1 .56 to point out the inventor and invention dates of each claim that was 
not commonly owned at the time a later invention was made in order for the examiner to 
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 
prior art under 35 U.S.C. 103(a). 

4. Claims 1 5-30 are rejected under 35 U.S.C. 1 03(a) as being unpatentable over 
Robin (US Patent No. 5,638,446) in view of Levi et al (US Patent No. 6,804,778 and 
Levi hereinafter). 
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5. As to claim 15, Robin teaches a method for distributing software components, the 
method comprising the steps of: 

deriving a first software component identifier (e.g., certificate) from a software 
component (i.e., ... teaches acquire a certificate which authenticates a file (e.g., 
software file [col., 3, lines 15-18]); 

creating, by an integrity certificate originator and using the first software 
component identifier, (i.e., ... teaches would acquire a certificate which authenticates a 
file by first creating a hash of the file (e.g., software file) using a cryptographically strong 
deterministic algorithm [col. 3, lines 13-18]); 

retrieving the software component through a client computer (i.e., ... teaches a 
user (e.g., client) retrieving the file (e.g., software component) [col. 3, lines 49-52]); 

creating integrity test data by performing, on the software component (i.e., ... 
teaches checking the integrity of the file and the identity of the author [col. 3, lines 25- 
30]); 

deriving, by the client computer, a second software component identifier from the 
software component (i.e. ... teaches a user (U) then computes the cryptographic hash of 
the file [col. 6, lines 10-13]); 

retrieving the integrity certificate by the client computer and using the second 
software component identifier (i.e., ... teaches a user (U) retrieves a file and the 
certificate [col. 6, lines 5-10]); 



Application/Control Number: 10/534,951 Page 5 

Art Unit: 2431 

Robin does not expressly teach the claim limitation element of an integrity certificate 
having the integrity test data and an integrity test relating to at least one of the quality 
and the functionality of the software component and disclosing the integrity test data to 
a user by the client computer. 

However, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Robin as introduced by Levi. Levi discloses: an 
integrity certificate having the integrity test data and an integrity test relating to at least 
one of the quality and the functionality (e.g., issue of problematic behavior) of the 
software component (to provide the capability to verify for problematic behavior of 
downloaded software code [col. 16, lines 50-61]); 

and disclosing the integrity test data to a user by the client computer (to provide 
capability to display verifiable and non-verifiable objects (e.g., downloaded code) to the 
user [col. 16, lines 61-65]). 

Therefore, given the teachings of Levi, a person having ordinary skill in the art at the 
time of the invention would have recognized the desirability and advantage of modifying 
Robin by employing the well known features of verifying problematic downloaded code 
as disclosed above by Levi, for which software distribution will be enhanced [col. 16, 
lines 61-65]. 
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6. A to claim 16, Robin teaches a method recited further comprising the step of 
registering, in a certificate register, the integrity certificate of the software component 
using the first software component identifier [col. 3, lines 13-18]. 

7. As to claim 17, Robin teaches a method where the integrity certificate retrieving 
step comprises the step of accessing of the certificate register (i.e., ... teaches the act 
of registering to obtain a certificate [col. 3, lines 10-20]). 

8. As to claim 18, Robin teaches a method further comprising the step of verifying 
an identity of the integrity certificate originator (i.e., ... teaches checking the integrity of 
the file and the identity of the author [col. 3, lines 25-30]). 

9. As to claim 20, Robin teaches a method further comprising the step of verifying 
the digital signature (i.e., ... teaches U then verifies that T's signature on the certificate is 
correct using T's public key [col. 6, lines 7-12]). 

1 0. As to claim 21 , Robin teaches a method further comprising the step of matching 
the integrity test data to a user's preferred requirements (col. 6, lines 10-15). 

1 1 . Claim 22, Robin teaches a method further comprising the step of retrieving the 
integrity certificate from the client compute (col. 6, lines 8-11). 
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12. Claim 23, Robin teaches a method further comprising the step of retrieving the 
integrity certificate from a computer associated with a supplier of the software 
component (col. 3, lines 8-15). 

13. Claim 24, Robin teaches a method further comprising the step of retrieving the 
integrity certificate from a computer associated with a trusted certificate originator (col. 
3, lines 23-27). 

14. As to claim 25, Robin teaches a method further comprising the step of mailing 
the integrity certificate, through email, to the client computer (col. 3, lines 55-60). 

15. As to claim 26, Robiin teaches a method further comprising the step of 
determining the integrity test data using common criteria (CC) (i.e., ... teaches 
determining verification data (e.g. integrity test data) based on data common to 
originator [14 c, fig.1]). 

16. As to claim 27, although the system of Robin shows substantial features of the 
claim invention, however Robin does not disclose: 

A method where the integrity test data comprises a rating of the quality of the 
software component with respect to at least one of robustness, reliability, soundness 
and completeness. 
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However, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Robin as introduced by Levi. Levi discloses: 
A method where the integrity test data comprises a rating of the quality of the 
software component with respect to at least one of robustness, reliability, soundness 
and completeness (to provide the capability to verify problematic behavior as part of a 
software integrity verification process [col. 16, lines 50-61]); 

Therefore, given the teachings of Levi, a person having ordinary skill in the art at the 
time of the invention would have recognized the desirability and advantage of modifying 
Robin by employing the well known features of verifying problematic downloaded code 
as disclosed above by Levi, for which software distribution will be enhanced [col. 16, 
lines 61-65]. 

1 7. As to claim 28, Robin teaches a server arranged for: 

deriving (e.g., creating) a software component identifier from a software 

component (i.e., ...teaches a creating a hash of the file (e.g., software component 

identifier [col. 3, lines 15-21]); 

creating, by a certificate originator, an integrity certificate having the integrity test 

data (i.e., ... teaches generating a certificate containing verification data [col. 5, lines 55- 

65]); 
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labeling, by the integrity certificate originator, the integrity certificate with the 
software component identifier (i.e., ... teaches signing the certificate [col. 3, lines 20- 
25]), 

allowing retrieval of the software component (e.g., downloading the file) by a 
client computer [col. 6, lines 5-10]; 

and allowing retrieval of the integrity certificate by the client computer using the 
software component identifier (col. 3, lines 23-27). 

Robin does not teach the claim limitation element of creating integrity test data by 
performing an integrity test relating to at least one of the quality and functionality of the 
software component; 

However, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Robin as introduced by Levi. Levi discloses the 
claim limitation element of creating integrity test data by performing an integrity test 
relating to at least one of the quality and functionality (e.g., problematic behavior) of the 
software component (to provide the capability to verify and display to a user the 
verification of potential problematic behavior in downloaded software code [col. 16, lines 
50-61]); 

Therefore, given the teachings of Levi, a person having ordinary skill in the art at the 
time of the invention would have recognized the desirability and advantage of modifying 
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Robin by employing the well known features of verifying problematic downloaded code 
as disclosed above by Levi, for which software distribution will be enhanced [col. 16, 
lines 61-65]. 

18. As to claim 29, Robin teaches a client computer arranged for: 

retrieving a software component from a server (i.e., ... teaches secure 
distribution of the file is achieved when a user (hereinafter U) wants to access and 
download a file. ... teaches user (U) connects to the location of the file (i.e. As server) 
[col. 6, lines 5-10]); 

deriving a software component identifier from the software component (i.e., ... 
teaches would acquire a certificate which authenticates a file by first creating a hash of 
the file using a cryptographically strong deterministic algorithm [col. 3, lines 13-18]); 

retrieving, using the software component identifier, an integrity certificate having 
integrity test data (i.e., ... teaches the act of retrieving a certificate for purpose checking 
file integrity [col. 3, lines 23-35]), 

an integrity certificate having integrity test data (col. 5, lines 55-65); 

Robin does not disclose the claim limitation element of disclosing the integrity test data 
to a user. 

However, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Robin as introduced by Levi. Levi discloses the 
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claim limitation element of disclosing the integrity test data to a user (to provide 
capability to display the verifiable and non-verifiable nature of a problematic object (e.g., 
downloaded code) to the user [col. 16, lines 61-65]). 

Therefore, given the teachings of Levi, a person having ordinary skill in the art at the 
time of the invention would have recognized the desirability and advantage of modifying 
Robin by employing the well known feature of displaying to a user verification data as 
disclosed above by Levi, for which software distribution will be enhanced [col. 16, lines 
61-65]. 

19. As to claim 30, Robin teaches a computer readable medium having computer 
executable instructions stored therein for instruction by a client computer which, when 
executed, cause the client computer to perform the steps of: 

retrieving a software component from a server (i.e., ... teaches secure 
distribution of the file is achieved when a user (hereinafter U) wants to access and 
download a file. ... teaches user (U) connects to the location of the file (i.e. As server) 
[col. 6, lines 5-10]); 

deriving a software component identifier from the software component (i.e., ... 
teaches would acquire a certificate which authenticates a file by first creating a hash of 
the file using a cryptographically strong deterministic algorithm [col. 3, lines 13-18]); 
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retrieving, using the software component identifier, an integrity certificate having 
integrity test data (e.g., ... teaches retrieving a certificated for purpose of integrity 
checking [col. 3, lines 23-28]), 

and disclosing the integrity test data to a user (i.e., ... teaches after generating 
the certificate, the certificate is sent A or store it in a publicly accessible location and 
notify A as to where it is stored [col. 5, lines 64-67]). 

Robin does not teach the claim limitation element of the test data relating to at least one 
of the quality and functionality of the software component; 

However, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Robin as introduced by Levi. Levi discloses the 
claim limitation element of the test data relating to at least one of the quality and 
functionality (e.g., potential problematic behavior) of the software component (to provide 
the capability to detect the potential for problematic behavior in downloaded software 
code [col. 16, lines 50-61]); 

Therefore, given the teachings of Levi, a person having ordinary skill in the art at the 
time of the invention would have recognized the desirability and advantage of modifying 
Robin by employing the well known features of verifying problematic downloaded code 
as disclosed above by Levi, for which software distribution will be enhanced [col. 16, 
lines 61-65]. 
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20. Claim 19 rejected under 35 U.S.C. 103(a) as being unpatentable over Robin in 
view of Levi as applied to claim 1 above, and further in view of Atkinson et al. (US 
Patent No.5,892,904 and Atkinson hereinafter). 
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21 . As to claim 19, although the system of Robin in view of Levi illustrates substantial 
features of the claim invention, however both Robin and Levi does not disclose: 

A method recited further comprising the step of adding a digital signature to the 
integrity certificate. 

However, these features are well known in the art and would have been an obvious 
modification of the system disclosed by the combination of Robin and Levi as 
introduced by Atkinson. Atkinson discloses: 

A method recited further comprising the step of adding a digital signature to the 
integrity certificate (to provide the capability to append a digital signature to a certificate 
[col. 2, lines 60-65]). 

Therefore, given the teachings of Atkinson, a person having ordinary skill in the art at 
the time of the invention would have recognized the desirability and advantage of 
modifying the combination of Robin and Levi by employing the well known features of 
appending a digital signature a certificate disclosed above by Atkinson, for which 
software distribution will be enhanced [col. 2, lines 60-65]. 



Response to Arguments 
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Applicant's arguments with respect to claims 15-30 have been considered but are 
moot in view of the new ground(s) of rejection under the teaching of Robin, Levi and 
Atkinson. Applicant has cancelled claims 1-14 and added claims 15-30. Therefore, all 
remarks as so presented by applicant on 12/16/2008 in regards to claims 1-14 have not 
been considered and stands moot in view of the new rejection set forth in this Office 
Action under the teachings of Robin, Levi, and Atkinson. 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See M PEP 

§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 



Contact Information 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to BRYAN WRIGHT whose telephone number is (571)270- 
3826. The examiner can normally be reached on 8:30 am - 5:30 pm Monday -Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, AYAZ Sheikh can be reached on (571 )272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/BRYAN WRIGHT/ 
Examiner, Art Unit 2431 
/Ayaz R. Sheikh/ 

Supervisory Patent Examiner, Art Unit 2431 



